Advisory shaped by the people writing the standards

Software Bill of Materials (SBOM) is now the default vocabulary of software transparency. A Bill of Materials (BOM) is a structured inventory of the components and relationships that make up a product. Most programs, however, treat it as an output artifact rather than a lifecycle asset. I help teams move from one and done exports to BOM as a strategic input to risk, procurement, incident response, and product management.

Typical scope

• Assess current BOM generation coverage and quality against the CycloneDX Authoritative Guide.
• Advise on generation, enrichment, signing, and distribution patterns for build and post build contexts.
• Guide expansion beyond SBOM into Cryptography Bill of Materials (CBOM), Artificial Intelligence Bill of Materials (AIBOM), Software as a Service Bill of Materials (SaaS-BOM), Operations Bill of Materials (OBOM), and Manufacturing Bill of Materials (MBOM).
• Shape vulnerability and exploitability transparency strategy across Vulnerability Disclosure Reports (VDR), Vulnerability Exploitability eXchange (VEX), and attestation workflows.
• Frame how teams should consume BOMs for vulnerability, policy, provenance, and license decisions.
• Develop the organizational playbook for internal consumers: legal, procurement, product security, incident response, and compliance.

Transparency is the foundation. Hardening is what you do with it. I work with product security, platform engineering, and open source program offices to translate supply chain visibility into real reductions in component risk, vulnerability exposure, and breach blast radius.

Typical scope

• Calibrate program requirements to risk tolerance using the OWASP Software Component Verification Standard (SCVS), which sets the high level control objectives for supply chain integrity.
• Threat model the supply chain path from source to production using established methodologies such as STRIDE, PASTA, or MAESTRO as appropriate.
• Guide OWASP Dependency-Track adoption and tuning for continuous component intelligence across large portfolios.
• Define vulnerability prioritization that considers exploitability, reachability, and blast radius rather than raw Common Vulnerability Scoring System (CVSS) severity.
• Establish open source contribution, consumption, and provenance policies that are realistic for the developer population.
• Advise on artifact provenance using Supply chain Levels for Software Artifacts (SLSA), in-toto, and signed attestations integrated with continuous integration and delivery (CI/CD) pipelines.
• Recommend hardening controls for the build environment, package registries, and release pipelines against tampering.

Artificial intelligence (AI) has moved from a feature to a load bearing part of the supply chain. The models, datasets, embeddings, retrieval pipelines, and agentic tool integrations that ship inside products now carry their own provenance, license, exploitability, and regulatory exposure. At the same time, AI is becoming a force multiplier for the security work it once threatened to overwhelm. I advise on both sides of that equation.

AI supply chain transparency

Treat AI components with the same rigor applied to software dependencies. The CycloneDX Artificial Intelligence Bill of Materials (AIBOM) describes models, datasets, training and fine tuning data, hyperparameters, evaluation criteria, energy consumption, intended use, and known limitations in a machine readable form that downstream consumers can verify and act on. AIBOM is part of the broader CycloneDX (ECMA-424) specification, so the same toolchain that generates a Software Bill of Materials (SBOM) can also describe the AI surface area of a product.

AI assisted secure development

Agentic coding assistants are reshaping how secure work gets done. Used well, they accelerate threat modeling, secure code review, design review, and triage of supply chain concerns. Used poorly, they introduce silent regressions, hallucinated controls, and a confidence gap between what was reviewed and what was actually changed. I help teams build the workflows, guardrails, and review patterns that let them benefit from AI assistance without inheriting a new class of supply chain risk.

Secure by default for agentic systems

Building with agentic AI brings a new threat surface, from prompt injection and indirect prompt injection to tool misuse, untrusted Model Context Protocol (MCP) servers, data exfiltration through retrieval, and excessive agency in autonomous loops. The OWASP Top 10 for Large Language Model Applications, the OWASP AI Security Verification Standard (AISVS), and the MAESTRO threat modeling methodology provide structured ways to reason about these risks. I help product and platform teams adopt secure by default patterns so the agentic systems they ship hold up under adversarial conditions.

Regulatory alignment

AI work intersects an expanding regulatory perimeter. The EU Cyber Resilience Act (CRA) Annex I obligations on secure by design, secure defaults, and vulnerability handling apply to products with digital elements that incorporate AI. The EU Artificial Intelligence Act layers risk based obligations on top of that, with specific requirements for general purpose AI and high risk systems. The U.S. National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF) extends to generative AI through Special Publication (SP) 800-218A, and the NIST Artificial Intelligence Risk Management Framework (AI RMF) provides the governance scaffold. I translate these obligations into concrete engineering and documentation work rather than legal anxiety.

Typical scope

• Advise on adoption of an Artificial Intelligence Bill of Materials (AIBOM) practice using CycloneDX, covering models, datasets, embeddings, fine tuning data, and external service dependencies.
• Guide how agentic coding tools should be used inside the secure development lifecycle, including review gates, attestation of human oversight, and provenance of generated changes.
• Frame the threat model for agentic systems using STRIDE, PASTA, and MAESTRO, with attention to prompt injection, tool misuse, supply chain trust boundaries for Model Context Protocol (MCP) servers, and post incident forensics.
• Map product AI capabilities to the CRA Annex I obligations, the EU AI Act risk tiers, NIST SP 800-218A, and the NIST AI Risk Management Framework (AI RMF) to inform a single defensible compliance narrative.
• Benchmark application and model assurance against the OWASP Top 10 for Large Language Model Applications, OWASP AISVS, and the OWASP Machine Learning Security Top 10.
• Recommend secure coding and secure by default patterns for AI features, with practical guidance on input handling, output validation, retrieval trust, sandboxing, and least privilege for tool use.